Start of changes for service refresh 4 fix pack 5

Setting a list of enabled named groups

If the default list of enabled named groups is inadequate for your application, you can use the jdk.tls.namedGroups system property to specify an additional list of named groups.

The following list shows the named groups that are enabled by default.

After service refresh 6:

// recommended
   x25519 (29)
   secp256r1 (23)
   secp384r1 (24)
   secp521r1 (25)
   x448 (30)
   ffdhe2048 (256)
   ffdhe3072 (257)
   ffdhe4096 (258)
   ffdhe6144 (259)
   ffdhe8192 (260)

Notes:

Support for ffdhe3072, ffdhe4096, ffdhe6144, and ffdhe8192 requires the IBMJCEPlus or the IBMJCEPlusFIPS providers.
Support for x25519 and x448 requires the IBMJCEPlus provider.

Before service refresh 6:

// recommended
   secp256r1 (23)
   secp384r1 (24)
   secp521r1 (25)

   // NIST curves
   sect283k1 (9)
   sect283r1 (10)
   sect409k1 (11)
   sect409r1 (12)
   sect571k1 (13)
   sect571r1 (14)

   // Non-FIPS curves
   secp256k1 (22)

Additional named groups can be specified by setting the jdk.tls.namedGroups system property. For example:

jdk.tls.namedGroups="secp521r1,secp256r1,ffdhe2048"

The values for named groups must be separated with a comma. If the system property is not defined or the value is empty, the default named groups and preferences are used.

End of changes for service refresh 4 fix pack 5